OAuth login failed: No profile

[chain710]

My oauth provider: authelia 4.38.12

• click Sign in with authelia redirect to authelia sso page
• click accept redirect back to hoarder login page, but got error OAuth login failed: No profile

my authelia instance works well with other self-host services like linkwarden and immich

found no useful log via docker logs hoarder

....

2024-09-23T14:47:13.944Z info: Workers version: 0.17.0
2024-09-23T14:47:13.954Z info: [Crawler] Connecting to existing browser instance: http://chrome:9222
(node:121) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
2024-09-23T14:47:13.960Z info: [Crawler] Successfully resolved IP address, new address: http://172.20.0.29:9222/
2024-09-23T14:47:15.981Z info: Starting crawler worker ...
2024-09-23T14:47:15.981Z info: Starting inference worker ...
2024-09-23T14:47:15.981Z info: Starting search indexing worker ...

env

REDIS_HOST=redis
REDIS_DB_IDX=15
DATA_DIR=/data
NEXTAUTH_SECRET=secret
BROWSER_WEB_URL=http://chrome:9222
MEILI_ADDR=http://meilisearch:7700
MEILI_NO_ANALYTICS=true
MEILI_MASTER_KEY=key
OPENAI_API_KEY=key
INFERENCE_IMAGE_MODEL=gpt-4o-mini
INFERENCE_TEXT_MODEL=gpt-4o-mini
OAUTH_WELLKNOWN_URL=https://auth.example.com/.well-known/openid-configuration
OAUTH_CLIENT_SECRET=secret
OAUTH_CLIENT_ID=hoarder
OAUTH_PROVIDER_NAME=authelia
NEXTAUTH_URL=https://h.example.com

[kamtschatka]

this happens, when authelia does not provide an email address or a name for the user you are using: https://github.com/hoarder-app/hoarder/blob/main/apps/web/server/auth.ts#L150

you'll have to check on authelia side to fill those in.

[MohamedBassem]

@kamtschatka I think we should probably remove the name restriction. If it's empty, we can just use the email and not fail the login on it.

[chain710]

this happens, when authelia does not provide an email address or a name for the user you are using: https://github.com/hoarder-app/hoarder/blob/main/apps/web/server/auth.ts#L150

you'll have to check on authelia side to fill those in.

You're right! I double-checked my Authelia configuration and discovered that the display name attribute was missing.

Thank you for your awesome work!

[mirisbowring]

Hi, I just tried to install hoarder today and wanted to connect it to my authentik install.
I experience the same behavior like OP.

I first tried release (which points to 17.1) and also latest but none of them fixed the issue.

Side Note: all fields in my OIDC Profile are set. There is a name, a username, an email, etc. so in theory this should work independent of the fix from above, no? :)

Thank you very much!

[MohamedBassem]

@mirisbowring what kind of error did you get? No profile as well?

[mirisbowring]

Yep:

[MohamedBassem]

@mirisbowring yeah, that's weird indeed. Did you by any chance change the OAUTH_SCOPE value?

[mirisbowring]

I've just set it to the defaults:

OAUTH_SCOPE="openid email profile"

Also commented this line out and still the same behaviour 😊

[mirisbowring]

I also checked the available fields resulting from https://auth.domain.tld/application/o/userinfo/

[mirisbowring]

Hi, since this issue persists, can we reopen this issue?